On Tue, Apr 14, 2009 at 6:00 PM, Jonathan Mast
<jhmast.develo...@gmail.com> wrote:

> I've pretty much concluded that the problem is that the machine in question
> is SELinux-enabled and that is the cause of Tomcat's inability to access the
> 8080 port (even though I can see tomcat on the process list, a "netstat -a"
> shows no entry for 8080).

sounds fixable...

> 1) Why not run Tomcat as root?  We have Tomcat running as root on our
> current setup (Httpd 1.3.33, Tomcat 5.5, JDK 1.4), I presume Tomcat 6 (JDK
> 1.6) running by itself must be more secure than our current situation.  Any
> comments?

Exposures are usually in apps; running any application with the
lowest possible privilege level reduces risk. But there's no law
against living dangerously -- we've probably all done it :-)

> 2) My problem with jsvc is multiple:

> c) really, if all this stuff is the "correct" way to run Tomcat on Linux,
> why doesn't it come as part of the distribution?

uhhh... it does. And I've never had to do more than ./configure and
make on any platform to get it going.

But as already pointed out -- run Tomcat on any non-privileged port
and connect it to port 80 with iptables.

> 4) I really want to avoid the complexity of httpd (see 2.a)

An easy goal to reach, luckily. :-)

FWIW,
-- 
Hassan Schroeder ------------------------ hassan.schroe...@gmail.com
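
The port-80-to-Tomcat redirect suggested in the reply, as an added example that is not part of the original message. It assumes Tomcat's connector listens on 8080 (the port named in the thread); the function names are hypothetical, and rules are only printed unless APPLY=1 is set and the script runs as root.

```shell
#!/bin/sh
# Added example: let Tomcat stay unprivileged on a high port and have
# netfilter hand it the traffic that arrives on port 80.

PUBLIC_PORT=80      # port clients connect to
TOMCAT_PORT=8080    # Tomcat connector port (from the thread)

# A backend port below 1024 would put Tomcat back on a privileged port,
# which is exactly what the redirect is meant to avoid.
valid_backend_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# Print the nat-table rule arguments, one rule per line.
redirect_rules() {
    pub=$1 backend=$2
    valid_backend_port "$backend" || {
        echo "backend port must be 1024-65535" >&2
        return 1
    }
    # Connections arriving from other hosts.
    echo "-t nat -A PREROUTING -p tcp --dport $pub -j REDIRECT --to-ports $backend"
    # Connections made on the box itself over loopback skip PREROUTING.
    echo "-t nat -A OUTPUT -o lo -p tcp --dport $pub -j REDIRECT --to-ports $backend"
}

# Dry run by default; APPLY=1 executes the rules with iptables.
apply_rules() {
    rules=$(redirect_rules "$1" "$2") || return 1
    echo "$rules" | while read -r rule; do
        if [ "${APPLY:-0}" = 1 ]; then
            iptables $rule      # word splitting of $rule is intended
        else
            echo "iptables $rule"
        fi
    done
}

apply_rules "$PUBLIC_PORT" "$TOMCAT_PORT"
```

Rules added this way are not persistent across reboots; save them with the distribution's own iptables persistence mechanism.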
